Pub. 13 2018-2019 Issue 5

WWW.NEBANKERS.ORG 14 PATCH YOUR SERVERS, PATCH YOUR PEOPLE TECH TALK Jeremy Smith, CoNetrix “B UT I DON’T EVENHAVE AN ICLOUDACCOUNT!”MY AUNT said over the phone, as the realization of her fear began to set in. “Is this just a scam?!” At this point vishing scammers had already installed remote software on her PC and were attempting to have her purchase Google Play Store prepaid cards and send them the codes so the “problem” with her “account” would be “fixed.” In response, the plug was pulled, the hard drive destroyed and passwords were changed. A diploma from the school of close calls was earned that day. If only my aunt knew – if only she had been “patched!” Institutions spend a considerable amount of money and energy to ensure that their workstations, servers, and network devices have the latest security software. We harden, secure, rollout, install, update, enable/disable, upgrade and patch our information systems (which are all good and necessary things!) but how often are we “patching” our employees? Is lumping a fifteen-minute slideshow presentation on security awareness into your annual end of year training enough? According to a recent report by KnowBe4, 91% of successful data breaches started with a spear phishing attack (1). Why do attackers keep targeting humans? Well, we tend to be social,